This is a great little article that I came across about stopping FTP brute force attacks in OpenBSD or FreeBSD (both of my favorite OSes). It assumes that you're using PF as your firewall (which you should!).
You can easily stop brute force attacks by limiting connections per IP using the pf firewall under FreeBSD or OpenBSD.
# vi /etc/pf.conf
Update it as follows:
# the lists of known FTPD attackers
table <ftp-attacks> persist file "/etc/pf.ftp.block.list"

# block all incoming connections from attackers on FTPD
block in quick on $ext_if from <ftp-attacks>

# Let us allow FTP with bruteforce protection
pass in quick on $ext_if inet proto tcp from any to ($ext_if) port 21 keep state (max-src-conn-rate 5/40, overload <ftp-attacks> flush global)
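The rule above blocks any source IP that makes more than 5 FTP connections in 40 seconds: the offending address is added to the ftp-attacks table and its existing states are flushed. Also append the following line to /etc/rc.shutdown to keep the blocked addresses across a reboot: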
# echo '/sbin/pfctl -t ftp-attacks -T show > /etc/pf.ftp.block.list' >> /etc/rc.shutdown
Finally, reload the pf firewall:
# /etc/rc.d/pf reload
To list the currently blocked IPs (the attackers' IPs), enter:
# pfctl -t ftp-attacks -T show
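To check the 5/40 threshold against your own traffic before enabling the rule, this added example (not part of the original article) replays connection events through a sliding-window approximation of the limit and prints the sources that would be blocked. The function names, the "epoch-seconds source-ip" input format and the sample addresses are assumptions constructed for illustration; pf's own rate accounting may differ in detail.

```shell
#!/bin/sh
# Added example: replay connection events against a 5-in-40-seconds limit.
# Input lines: "<epoch-seconds> <source-ip>", sorted by time (assumed format).
# Sliding-window approximation; pf's internal accounting may differ.

# Print each source IP that makes more than LIMIT connections within
# WINDOW seconds, with the time of the connection that crossed the limit.
ftp_rate_offenders() {
    limit=$1 window=$2
    awk -v limit="$limit" -v window="$window" '
    NF >= 2 && $1 ~ /^[0-9]+$/ {
        ts = $1; ip = $2
        if (ip in flagged) next          # already reported, like a table entry
        n = ++count[ip]
        times[ip, n] = ts
        # advance the window start past events that are WINDOW or more seconds old
        if (!(ip in start)) start[ip] = 1
        while (ts - times[ip, start[ip]] >= window) start[ip]++
        if (n - start[ip] + 1 > limit) {
            flagged[ip] = 1
            print ip, ts
        }
    }'
}

# Constructed sample: 192.0.2.10 connects every 2 seconds (password guessing),
# 198.51.100.7 connects every 15 seconds (an ordinary client).
sample_events() {
    i=0
    while [ "$i" -lt 8 ]; do
        echo "$((1000 + i * 2)) 192.0.2.10"
        echo "$((1000 + i * 15)) 198.51.100.7"
        i=$((i + 1))
    done | sort -n
}

sample_events | ftp_rate_offenders 5 40
```

If a legitimate client shows up in the output when you feed in events taken from your own ftpd logs, raise the limit in max-src-conn-rate before reloading pf.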
And there you have it.